One of the most widely used and popular encryption protocols has been identified to have a severe vulnerability that could expose the sensitive data being encrypted by the protocol, possibly exposing credit card details, passwords, and other highly sensitive data encrypted by the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols.
The SSL/TLS vulnerability abuses a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm, which is commonly used to stream cipher for protecting 30 percent of the webs TLS traffic today.
The attack dubbed, Bar-Mitzvah (no not the Jewish celebration), doesn’t require you to perform a man-in-the-middle (MiTM) attack between a client or server to steal data such as previous SSL/TLS vulnerabilities had required.
Instead, Itsik Mantin, debuted his vulnerability at the Black Hat Asia security conference being held in Singapore this year, the same place 24-year-old Eric Evenchick plans to debut his $60 car hacking tool, a simple CAN to USB tool that simplifies the process of hacking into digital cars.
Mantin from security firm Imperva presented his findings through a research paper titled: “Attacking SSL when using RC4” at the conference Thursday.
Bar Mitzvah attack exploits the “Invariance Weakness,” a weak key patter used in RC4 keys that can expose plain text data from the SSL/TLS encrypted traffic into a cipher text under certain conditions, which has the potential to leak sensitive data from machines and servers.
The labeled Invariance Weakness of RC4 pseudo-random stream allows attackers to pinpoint RC4 streams from the randomness and increase their probability to expose sensitive data in plain text.
“The security of RC4 [algorithm] has been questionable for many years, in particular its initialization mechanisms,” the security researchers wrote in their RC4 paper [PDF]. “However, only in recent years has this understanding begun translating into a call to retire RC4. In this research, we follow [research on 2013 RC4] and show that the impact of the many known vulnerabilities on systems using RC4 is clearly underestimated.”
The Bar Mitzvah exploit is the first practical attack that can be carried out on the SSL protocol that only requires passive sniffing on the SSL/TLS-encrypted connections, rather than active, requiring a man-in-the-middle attack, Mantin highlighted. Though researchers note a MiTM attack could be used to hijack the session as well.
To protect yourself from the 13-year-old Bar Mitzvah attack, researchers recommend while we wait for the demise of RC4, similar to the decade old SSLv3, the following can be used to protect administrators servers from the RC4 weakness.
- Web application administrators should disable RC4 in their applications’ TLS configurations.
- Web users (particularly power users) are recommended to disable RC4 in their browser’s TLS configuration.
- Browser providers should consider removing RC4 from their TLS cipher list.
Through the past countless severe vulnerabilities abused as attacks we’ve see including BEAST, CRIME, and POODLE on the SSL protocol all leverage the RC4 weakness. In hindsight, a vast majority of large websites still rely on RC4.